> What is the convincing reason that MicroSlop is the trusted party to sign the shim with their (presumably NSA-blessed key)?
For OEMs, presumably the stranglehold they have on them via Windows. For users, not much, but none of the ones making these decisions really care about that.
Nothing stops vendors from shipping additional keys, and several do - I've seen multiple laptops that included an Ubuntu signing cert (contrary to Canonical's recommendation)
For OEMs, presumably the stranglehold they have on them via Windows. For users, not much, but none of the ones making these decisions really care about that.